Why FireFox and Google Chrome are a big security risk

Most of the people use browsers like FireFox and Google Chrome to avoid any security related issues usually belong to Internet Explorer. They stop using IE because its too damn slow, memory hogging beast, and has a number of security vulnerabilities.

Obviously, other choices are FireFox, Google Chrome and Safari etc. But still you have to be careful when using FireFox or Google Chrome because both can reveal your stored passwords!

Google Chrome will reveal your saved passwords to anyone who wants them, with no possibility of securing them with a master password. The screen shot below shows what happens when I use Chrome to save my password for gmail, I can then just go and open chrome options, click “Show Saved passwords” and select an entry there, and click “Show password” (in the image that button is titled “Hide password” after clicking it.)

(Click on Image for Lager View)

With Firefox, the default behavior is to allow anyone to see your passwords as well, but you can actively choose to use a master password in Firefox to make this less accessible. By default passwords are open for anyone to see. With Chrome, there isn’t even a “master password” option. This needs to be fixed in Chrome to make it more secure browser.

Technically speaking, passwords are stored using Windows DPAPI. This means that they are encrypted using a key derived from the login password. We don't actually know what that key is – DPAPI is a service provided by the OS where you just hand it data, and it hands you back encrypted data. So they are protected on disk.

As far as not allowing users to view the password - You can do this in Firefox, and many people have said that this is a valuable feature for them. Not to mention that if someone is sitting at your computer, they could easily extract the saved password a number of other ways.

Here is something interesting:

Even if you choose to use a master password in Firefox, all it takes is someone to come by and install Google Chrome on your PC and import all the settings from Firefox.
When Chrome imports the settings from Firefox, it imports all the passwords too! .... which they can then use to view the passwords. Creepy right? Well it gets worse... you can do the same thing to Safari passwords by installing Firefox... just import the settings from Safari and abracadabra, you can view them in Firefox! So none of them are safe when using this method...

 The best option to use for any browser is: Don't save the passwords.

People who read this post also read :